@rebasepro/server-postgresql 0.3.0 → 0.4.0

package/src/auth/services.ts

@@ -1,7 +1,7 @@
 import { eq, getTableName, sql } from "drizzle-orm";
 import { NodePgDatabase } from "drizzle-orm/node-postgres";
 import { getTableConfig, PgTable, AnyPgColumn } from "drizzle-orm/pg-core";
-import { users, roles, userRoles, refreshTokens, passwordResetTokens, userIdentities } from "../schema/auth-schema";
+import { users, refreshTokens, passwordResetTokens, userIdentities } from "../schema/auth-schema";
 import {
     UserRepository,
     RoleRepository,
@@ -28,8 +28,6 @@ export type { Role };
 
 export interface AuthSchemaTables {
     users: PgTable & Record<string, AnyPgColumn>;
-    roles: PgTable & Record<string, AnyPgColumn>;
-    userRoles: PgTable & Record<string, AnyPgColumn>;
     refreshTokens: PgTable & Record<string, AnyPgColumn>;
     passwordResetTokens: PgTable & Record<string, AnyPgColumn>;
     appConfig: PgTable & Record<string, AnyPgColumn>;
@@ -61,25 +59,19 @@ function getColumn(table: (PgTable & Record<string, AnyPgColumn>) | undefined, .
 export class UserService implements UserRepository {
     private usersTable: PgTable & Record<string, AnyPgColumn>;
     private userIdentitiesTable: PgTable & Record<string, AnyPgColumn>;
-    private userRolesTable: PgTable & Record<string, AnyPgColumn>;
-    private rolesTable: PgTable & Record<string, AnyPgColumn>;
 
     constructor(
         private db: NodePgDatabase,
         tableOrTables?: (PgTable & Record<string, AnyPgColumn>) | Partial<AuthSchemaTables>
     ) {
-        if (tableOrTables && ((tableOrTables as Partial<AuthSchemaTables>).users || (tableOrTables as Partial<AuthSchemaTables>).roles)) {
+        if (tableOrTables && ((tableOrTables as Partial<AuthSchemaTables>).users)) {
             const tables = tableOrTables as Partial<AuthSchemaTables>;
             this.usersTable = (tables.users || users) as unknown as PgTable & Record<string, AnyPgColumn>;
             this.userIdentitiesTable = (tables.userIdentities || userIdentities) as unknown as PgTable & Record<string, AnyPgColumn>;
-            this.userRolesTable = (tables.userRoles || userRoles) as unknown as PgTable & Record<string, AnyPgColumn>;
-            this.rolesTable = (tables.roles || roles) as unknown as PgTable & Record<string, AnyPgColumn>;
         } else {
             const table = tableOrTables as (PgTable & Record<string, AnyPgColumn>) | undefined;
             this.usersTable = table || (users as unknown as PgTable & Record<string, AnyPgColumn>);
             this.userIdentitiesTable = userIdentities as unknown as PgTable & Record<string, AnyPgColumn>;
-            this.userRolesTable = userRoles as unknown as PgTable & Record<string, AnyPgColumn>;
-            this.rolesTable = roles as unknown as PgTable & Record<string, AnyPgColumn>;
         }
     }
 
@@ -115,6 +107,7 @@ export class UserService implements UserRepository {
             "email_verification_token", "emailVerificationToken",
             "email_verification_sent_at", "emailVerificationSentAt",
             "is_anonymous", "isAnonymous",
+            "roles",
             "created_at", "createdAt",
             "updated_at", "updatedAt",
             "metadata"
@@ -315,11 +308,9 @@ export class UserService implements UserRepository {
         const idColumn = idCol ? idCol.name : "id";
 
         const usersTableName = this.getQualifiedUsersTableName();
-        const rolesSchema = getTableConfig(this.userRolesTable).schema || "public";
-
         const conditions = [];
         if (roleId) {
-            conditions.push(sql`EXISTS (SELECT 1 FROM ${sql.raw(`"${rolesSchema}"."user_roles"`)} ur WHERE ur.user_id = ${sql.raw(usersTableName)}.${sql.raw(idColumn)} AND ur.role_id = ${roleId})`);
+            conditions.push(sql`${roleId} = ANY(${sql.raw(usersTableName)}.roles)`);
         }
         if (search) {
             const pattern = `%${search}%`;
@@ -331,7 +322,7 @@ export class UserService implements UserRepository {
         // Sorting: users with roles first if no role filter, then by requested order
         const orderByClause = roleId
             ? sql`ORDER BY ${sql.raw(usersTableName)}.${sql.raw(orderColumn)} ${direction}`
-            : sql`ORDER BY (SELECT count(*) FROM ${sql.raw(`"${rolesSchema}"."user_roles"`)} ur WHERE ur.user_id = ${sql.raw(usersTableName)}.${sql.raw(idColumn)}) DESC, ${sql.raw(usersTableName)}.${sql.raw(orderColumn)} ${direction}`;
+            : sql`ORDER BY array_length(${sql.raw(usersTableName)}.roles, 1) DESC NULLS LAST, ${sql.raw(usersTableName)}.${sql.raw(orderColumn)} ${direction}`;
 
         const countResult = await this.db.execute(sql`
             SELECT count(*)::int as total FROM ${sql.raw(usersTableName)}
@@ -428,23 +419,25 @@ export class UserService implements UserRepository {
     }
 
     /**
-     * Get roles for a user from database
+     * Get roles for a user from database (inline TEXT[] column)
      */
     async getUserRoles(userId: string): Promise<Role[]> {
-        const rolesSchema = getTableConfig(this.rolesTable).schema || "public";
+        const usersTableName = this.getQualifiedUsersTableName();
         const result = await this.db.execute(sql`
-            SELECT r.id, r.name, r.is_admin, r.default_permissions, r.collection_permissions
-            FROM ${sql.raw(`"${rolesSchema}"."roles"`)} r
-            INNER JOIN ${sql.raw(`"${rolesSchema}"."user_roles"`)} ur ON r.id = ur.role_id
-            WHERE ur.user_id = ${userId}
+            SELECT roles FROM ${sql.raw(usersTableName)} WHERE id = ${userId}
         `);
 
-        return (result.rows as Array<{ id: string; name: string; is_admin: boolean; default_permissions: Record<string, boolean> | null; collection_permissions: Record<string, Record<string, boolean>> | null }>).map(row => ({
-            id: row.id,
-            name: row.name,
-            isAdmin: row.is_admin,
-            defaultPermissions: row.default_permissions,
-            collectionPermissions: row.collection_permissions
+        if (result.rows.length === 0) return [];
+
+        const row = result.rows[0] as { roles: string[] | null };
+        const roleIds = row.roles ?? [];
+
+        return roleIds.map(id => ({
+            id,
+            name: id,
+            isAdmin: id === "admin",
+            defaultPermissions: null,
+            collectionPermissions: null
         }));
     }
 
@@ -452,37 +445,39 @@ export class UserService implements UserRepository {
      * Get role IDs for a user
      */
     async getUserRoleIds(userId: string): Promise<string[]> {
-        const roles = await this.getUserRoles(userId);
-        return roles.map(r => r.id);
+        const usersTableName = this.getQualifiedUsersTableName();
+        const result = await this.db.execute(sql`
+            SELECT roles FROM ${sql.raw(usersTableName)} WHERE id = ${userId}
+        `);
+
+        if (result.rows.length === 0) return [];
+
+        const row = result.rows[0] as { roles: string[] | null };
+        return row.roles ?? [];
     }
 
     /**
-     * Set roles for a user
+     * Set roles for a user (replaces existing roles)
      */
     async setUserRoles(userId: string, roleIds: string[]): Promise<void> {
-        const rolesSchema = getTableConfig(this.userRolesTable).schema || "public";
-        // Delete existing roles
-        await this.db.execute(sql`DELETE FROM ${sql.raw(`"${rolesSchema}"."user_roles"`)} WHERE user_id = ${userId}`);
-
-        // Insert new roles
-        for (const roleId of roleIds) {
-            await this.db.execute(sql`
-                INSERT INTO ${sql.raw(`"${rolesSchema}"."user_roles"`)} (user_id, role_id)
-                VALUES (${userId}, ${roleId})
-                ON CONFLICT DO NOTHING
-            `);
-        }
+        const usersTableName = this.getQualifiedUsersTableName();
+        const rolesArray = `{${roleIds.join(",")}}`;
+        await this.db.execute(sql`
+            UPDATE ${sql.raw(usersTableName)}
+            SET roles = ${rolesArray}::text[], updated_at = NOW()
+            WHERE id = ${userId}
+        `);
     }
 
     /**
-     * Assign a specific role to new user
+     * Assign a specific role to new user (appends if not present)
      */
     async assignDefaultRole(userId: string, roleId: string): Promise<void> {
-        const rolesSchema = getTableConfig(this.userRolesTable).schema || "public";
+        const usersTableName = this.getQualifiedUsersTableName();
         await this.db.execute(sql`
-            INSERT INTO ${sql.raw(`"${rolesSchema}"."user_roles"`)} (user_id, role_id)
-            VALUES (${userId}, ${roleId})
-            ON CONFLICT DO NOTHING
+            UPDATE ${sql.raw(usersTableName)}
+            SET roles = array_append(roles, ${roleId}), updated_at = NOW()
+            WHERE id = ${userId} AND NOT (${roleId} = ANY(roles))
         `);
     }
 
@@ -499,114 +494,7 @@ export class UserService implements UserRepository {
     }
 }
 
-/**
- * PostgreSQL implementation of RoleRepository.
- * Handles all role-related database operations using Drizzle ORM.
- */
-export class RoleService implements RoleRepository {
-    private rolesTable: PgTable & Record<string, AnyPgColumn>;
-
-    constructor(
-        private db: NodePgDatabase,
-        tableOrTables?: (PgTable & Record<string, AnyPgColumn>) | Partial<AuthSchemaTables>
-    ) {
-        if (tableOrTables && ((tableOrTables as Partial<AuthSchemaTables>).roles || (tableOrTables as Partial<AuthSchemaTables>).users)) {
-            this.rolesTable = ((tableOrTables as Partial<AuthSchemaTables>).roles || roles) as unknown as PgTable & Record<string, AnyPgColumn>;
-        } else {
-            this.rolesTable = (tableOrTables as unknown as PgTable & Record<string, AnyPgColumn>) || (roles as unknown as PgTable & Record<string, AnyPgColumn>);
-        }
-    }
-
-    private getQualifiedRolesTableName(): string {
-        const name = getTableName(this.rolesTable);
-        const schema = getTableConfig(this.rolesTable).schema || "public";
-        return `"${schema}"."${name}"`;
-    }
-
-    async getRoleById(id: string): Promise<Role | null> {
-        const tableName = this.getQualifiedRolesTableName();
-        const result = await this.db.execute(sql`
-            SELECT id, name, is_admin, default_permissions, collection_permissions
-            FROM ${sql.raw(tableName)}
-            WHERE id = ${id}
-        `);
-
-        if (result.rows.length === 0) return null;
-
-        const row = result.rows[0] as { id: string; name: string; is_admin: boolean; default_permissions: Record<string, boolean> | null; collection_permissions: Record<string, Record<string, boolean>> | null };
-        return {
-            id: row.id,
-            name: row.name,
-            isAdmin: row.is_admin,
-            defaultPermissions: row.default_permissions,
-            collectionPermissions: row.collection_permissions
-        };
-    }
-
-    async listRoles(): Promise<Role[]> {
-        const tableName = this.getQualifiedRolesTableName();
-        const result = await this.db.execute(sql`
-            SELECT id, name, is_admin, default_permissions, collection_permissions
-            FROM ${sql.raw(tableName)}
-            ORDER BY name
-        `);
-
-        return (result.rows as Array<{ id: string; name: string; is_admin: boolean; default_permissions: Record<string, boolean> | null; collection_permissions: Record<string, Record<string, boolean>> | null }>).map(row => ({
-            id: row.id,
-            name: row.name,
-            isAdmin: row.is_admin,
-            defaultPermissions: row.default_permissions,
-            collectionPermissions: row.collection_permissions
-        }));
-    }
-
-    async createRole(data: Omit<Role, "isAdmin" | "collectionPermissions"> & { isAdmin?: boolean; collectionPermissions?: Role["collectionPermissions"] }): Promise<Role> {
-        const tableName = this.getQualifiedRolesTableName();
-        const result = await this.db.execute(sql`
-            INSERT INTO ${sql.raw(tableName)} (id, name, is_admin, default_permissions, collection_permissions)
-            VALUES (
-                ${data.id},
-                ${data.name},
-                ${data.isAdmin ?? false},
-                ${data.defaultPermissions ? JSON.stringify(data.defaultPermissions) : null}::jsonb,
-                ${data.collectionPermissions ? JSON.stringify(data.collectionPermissions) : null}::jsonb
-            )
-            RETURNING id, name, is_admin, default_permissions, collection_permissions
-        `);
-
-        const row = result.rows[0] as { id: string; name: string; is_admin: boolean; default_permissions: Record<string, boolean> | null; collection_permissions: Record<string, Record<string, boolean>> | null };
-        return {
-            id: row.id,
-            name: row.name,
-            isAdmin: row.is_admin,
-            defaultPermissions: row.default_permissions,
-            collectionPermissions: row.collection_permissions
-        };
-    }
-
-    async updateRole(id: string, data: Partial<Omit<Role, "id">>): Promise<Role | null> {
-        const existing = await this.getRoleById(id);
-        if (!existing) return null;
-
-        const tableName = this.getQualifiedRolesTableName();
-        await this.db.execute(sql`
-            UPDATE ${sql.raw(tableName)}
-            SET 
-                name = ${data.name ?? existing.name},
-                is_admin = ${data.isAdmin ?? existing.isAdmin},
-                default_permissions = ${data.defaultPermissions ? JSON.stringify(data.defaultPermissions) : JSON.stringify(existing.defaultPermissions)}::jsonb,
-                collection_permissions = ${data.collectionPermissions !== undefined ? (data.collectionPermissions ? JSON.stringify(data.collectionPermissions) : null) : (existing.collectionPermissions ? JSON.stringify(existing.collectionPermissions) : null)}::jsonb
-            WHERE id = ${id}
-        `);
-
-        return this.getRoleById(id);
-    }
 
-    async deleteRole(id: string): Promise<void> {
-        const tableName = this.getQualifiedRolesTableName();
-        await this.db.execute(sql`DELETE FROM ${sql.raw(tableName)} WHERE id = ${id}`);
-    }
-}
 
 export class RefreshTokenService {
     private refreshTokensTable: PgTable & Record<string, AnyPgColumn>;
@@ -878,7 +766,6 @@ export class PostgresTokenRepository implements TokenRepository {
  */
 export class PostgresAuthRepository implements AuthRepository {
     private userService: UserService;
-    private roleService: RoleService;
     private tokenRepository: PostgresTokenRepository;
 
     constructor(
@@ -886,7 +773,6 @@ export class PostgresAuthRepository implements AuthRepository {
         tableOrTables?: (PgTable & Record<string, AnyPgColumn>) | Partial<AuthSchemaTables>
     ) {
         this.userService = new UserService(db, tableOrTables);
-        this.roleService = new RoleService(db, tableOrTables);
         this.tokenRepository = new PostgresTokenRepository(db, tableOrTables);
     }
 
@@ -968,30 +854,48 @@ export class PostgresAuthRepository implements AuthRepository {
         return this.userService.getUserWithRoles(userId);
     }
 
-    // Role operations (delegate to RoleService)
+    // Role operations (roles are inline on users, synthesized from string IDs)
 
     async getRoleById(id: string): Promise<RoleData | null> {
-        return this.roleService.getRoleById(id);
+        return {
+            id,
+            name: id,
+            isAdmin: id === "admin",
+            defaultPermissions: null,
+            collectionPermissions: null
+        };
     }
 
     async listRoles(): Promise<RoleData[]> {
-        return this.roleService.listRoles();
+        return [
+            { id: "admin", name: "Admin", isAdmin: true, defaultPermissions: null, collectionPermissions: null },
+            { id: "editor", name: "Editor", isAdmin: false, defaultPermissions: null, collectionPermissions: null },
+            { id: "viewer", name: "Viewer", isAdmin: false, defaultPermissions: null, collectionPermissions: null }
+        ];
     }
 
-    async createRole(data: CreateRoleData): Promise<RoleData> {
-        return this.roleService.createRole({
-            ...data,
-            defaultPermissions: data.defaultPermissions ?? null,
-            collectionPermissions: data.collectionPermissions ?? null
-        });
+    async createRole(_data: CreateRoleData): Promise<RoleData> {
+        return {
+            id: _data.id,
+            name: _data.name,
+            isAdmin: _data.isAdmin ?? false,
+            defaultPermissions: _data.defaultPermissions ?? null,
+            collectionPermissions: _data.collectionPermissions ?? null
+        };
     }
 
     async updateRole(id: string, data: Partial<Omit<RoleData, "id">>): Promise<RoleData | null> {
-        return this.roleService.updateRole(id, data);
+        return {
+            id,
+            name: data.name ?? id,
+            isAdmin: data.isAdmin ?? (id === "admin"),
+            defaultPermissions: data.defaultPermissions ?? null,
+            collectionPermissions: data.collectionPermissions ?? null
+        };
     }
 
-    async deleteRole(id: string): Promise<void> {
-        await this.roleService.deleteRole(id);
+    async deleteRole(_id: string): Promise<void> {
+        // No-op: roles are inline strings on users
     }
 
     // Token operations (delegate to PostgresTokenRepository)
@@ -1314,6 +1218,3 @@ export class MfaService implements MfaRepository {
 
 /** PostgreSQL user repository implementation */
 export type PostgresUserRepository = UserService;
-
-/** PostgreSQL role repository implementation */
-export type PostgresRoleRepository = RoleService;

package/src/schema/auth-schema.ts

@@ -1,15 +1,14 @@
-import { pgSchema, pgTable, varchar, uuid, timestamp, boolean, jsonb, primaryKey, unique } from "drizzle-orm/pg-core";
+import { pgSchema, pgTable, varchar, uuid, timestamp, boolean, jsonb, text, unique } from "drizzle-orm/pg-core";
 import { relations } from "drizzle-orm";
 
 /**
  * Factory function to dynamically create the auth tables bound to the specified schema names.
  */
-export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchemaName: string = "rebase") {
-    const rolesSchema = rolesSchemaName === "public" ? null : pgSchema(rolesSchemaName);
+export function createAuthSchema(usersSchemaName: string = "rebase") {
     const usersSchema = usersSchemaName === "public" ? null : pgSchema(usersSchemaName);
 
-    const rolesTableCreator = (rolesSchema ? rolesSchema.table.bind(rolesSchema) : pgTable) as typeof pgTable;
-    const usersTableCreator = (usersSchema ? usersSchema.table.bind(usersSchema) : pgTable) as typeof pgTable;
+    const tableCreator = (usersSchema ? usersSchema.table.bind(usersSchema) : pgTable) as typeof pgTable;
+    const usersTableCreator = tableCreator;
 
     /**
      * Users table - stores both email/password and OAuth users
@@ -24,48 +23,18 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
         emailVerificationToken: varchar("email_verification_token", { length: 255 }),
         emailVerificationSentAt: timestamp("email_verification_sent_at"),
         isAnonymous: boolean("is_anonymous").default(false).notNull(),
+        roles: text("roles").array().default([]).notNull(),
         metadata: jsonb("metadata").$type<Record<string, unknown>>().default({}).notNull(),
         createdAt: timestamp("created_at").defaultNow().notNull(),
         updatedAt: timestamp("updated_at").defaultNow().notNull()
     });
 
-    /**
-     * Roles table - defines permission sets
-     */
-    const roles = rolesTableCreator("roles", {
-        id: varchar("id", { length: 50 }).primaryKey(), // 'admin', 'editor', 'viewer'
-        name: varchar("name", { length: 100 }).notNull(),
-        isAdmin: boolean("is_admin").default(false).notNull(),
-        defaultPermissions: jsonb("default_permissions").$type<{
-            read?: boolean;
-            create?: boolean;
-            edit?: boolean;
-            delete?: boolean;
-        }>(),
-        collectionPermissions: jsonb("collection_permissions").$type<
-            Record<string, {
-                read?: boolean;
-                create?: boolean;
-                edit?: boolean;
-                delete?: boolean;
-            }>
-        >()
-    });
 
-    /**
-     * User-Role junction table
-     */
-    const userRoles = rolesTableCreator("user_roles", {
-        userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
-        roleId: varchar("role_id", { length: 50 }).notNull().references(() => roles.id, { onDelete: "cascade" })
-    }, (table) => ({
-        pk: primaryKey({ columns: [table.userId, table.roleId] })
-    }));
 
     /**
      * Refresh tokens for long-lived sessions
      */
-    const refreshTokens = rolesTableCreator("refresh_tokens", {
+    const refreshTokens = tableCreator("refresh_tokens", {
         id: uuid("id").defaultRandom().primaryKey(),
         userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
         tokenHash: varchar("token_hash", { length: 255 }).notNull().unique(),
@@ -80,7 +49,7 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
     /**
      * Password reset tokens for forgot password flow
      */
-    const passwordResetTokens = rolesTableCreator("password_reset_tokens", {
+    const passwordResetTokens = tableCreator("password_reset_tokens", {
         id: uuid("id").defaultRandom().primaryKey(),
         userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
         tokenHash: varchar("token_hash", { length: 255 }).notNull().unique(),
@@ -92,7 +61,7 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
     /**
      * App config - key/value store for custom settings
      */
-    const appConfig = rolesTableCreator("app_config", {
+    const appConfig = tableCreator("app_config", {
         key: varchar("key", { length: 100 }).primaryKey(),
         value: jsonb("value").notNull(),
         updatedAt: timestamp("updated_at").defaultNow().notNull()
@@ -101,7 +70,7 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
     /**
      * User identities - maps external OAuth profiles back to local users
      */
-    const userIdentities = rolesTableCreator("user_identities", {
+    const userIdentities = tableCreator("user_identities", {
         id: uuid("id").defaultRandom().primaryKey(),
         userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
         provider: varchar("provider", { length: 50 }).notNull(), // e.g. 'google', 'linkedin'
@@ -116,7 +85,7 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
     /**
      * MFA factors table - stores enrolled MFA methods
      */
-    const mfaFactors = rolesTableCreator("mfa_factors", {
+    const mfaFactors = tableCreator("mfa_factors", {
         id: uuid("id").defaultRandom().primaryKey(),
         userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
         factorType: varchar("factor_type", { length: 20 }).notNull(), // 'totp'
@@ -130,7 +99,7 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
     /**
      * MFA challenges table - tracks active MFA verification attempts
      */
-    const mfaChallenges = rolesTableCreator("mfa_challenges", {
+    const mfaChallenges = tableCreator("mfa_challenges", {
         id: uuid("id").defaultRandom().primaryKey(),
         factorId: uuid("factor_id").notNull().references(() => mfaFactors.id, { onDelete: "cascade" }),
         createdAt: timestamp("created_at").defaultNow().notNull(),
@@ -142,7 +111,7 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
     /**
      * Recovery codes table - backup codes for MFA
      */
-    const recoveryCodes = rolesTableCreator("recovery_codes", {
+    const recoveryCodes = tableCreator("recovery_codes", {
         id: uuid("id").defaultRandom().primaryKey(),
         userId: uuid("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
         codeHash: varchar("code_hash", { length: 255 }).notNull(),
@@ -151,11 +120,8 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
     });
 
     return {
-        rolesSchema,
         usersSchema,
         users,
-        roles,
-        userRoles,
         refreshTokens,
         passwordResetTokens,
         appConfig,
@@ -167,14 +133,11 @@ export function createAuthSchema(rolesSchemaName: string = "rebase", usersSchema
 }
 
 // Instantiate default schema and tables using the default "rebase" schema
-const defaultAuthSchema = createAuthSchema("rebase", "rebase");
+const defaultAuthSchema = createAuthSchema("rebase");
 
-export const rebaseSchema = defaultAuthSchema.rolesSchema;
 export const usersSchema = defaultAuthSchema.usersSchema;
 
 export const users = defaultAuthSchema.users;
-export const roles = defaultAuthSchema.roles;
-export const userRoles = defaultAuthSchema.userRoles;
 export const refreshTokens = defaultAuthSchema.refreshTokens;
 export const passwordResetTokens = defaultAuthSchema.passwordResetTokens;
 export const appConfig = defaultAuthSchema.appConfig;
@@ -185,7 +148,6 @@ export const recoveryCodes = defaultAuthSchema.recoveryCodes;
 
 // Relations
 export const usersRelations = relations(users, ({ many }) => ({
-    userRoles: many(userRoles),
     refreshTokens: many(refreshTokens),
     passwordResetTokens: many(passwordResetTokens),
     userIdentities: many(userIdentities),
@@ -193,21 +155,6 @@ export const usersRelations = relations(users, ({ many }) => ({
     recoveryCodes: many(recoveryCodes)
 }));
 
-export const rolesRelations = relations(roles, ({ many }) => ({
-    userRoles: many(userRoles)
-}));
-
-export const userRolesRelations = relations(userRoles, ({ one }) => ({
-    user: one(users, {
-        fields: [userRoles.userId],
-        references: [users.id]
-    }),
-    role: one(roles, {
-        fields: [userRoles.roleId],
-        references: [roles.id]
-    })
-}));
-
 export const refreshTokensRelations = relations(refreshTokens, ({ one }) => ({
     user: one(users, {
         fields: [refreshTokens.userId],
@@ -254,9 +201,6 @@ export const recoveryCodesRelations = relations(recoveryCodes, ({ one }) => ({
 // Type exports
 export type User = typeof users.$inferSelect;
 export type NewUser = typeof users.$inferInsert;
-export type Role = typeof roles.$inferSelect;
-export type NewRole = typeof roles.$inferInsert;
-export type UserRole = typeof userRoles.$inferSelect;
 export type RefreshToken = typeof refreshTokens.$inferSelect;
 export type PasswordResetToken = typeof passwordResetTokens.$inferSelect;
 export type AppConfig = typeof appConfig.$inferSelect;

package/src/schema/doctor.ts

@@ -84,10 +84,28 @@ export function getExpectedColumnType(prop: Property): string | null {
             if (dp.columnType === "time") return "time without time zone";
             return "timestamp with time zone";
         }
-        case "map":
         case "array": {
-            const ap = prop as ArrayProperty | MapProperty;
-            if (ap.columnType === "json") return "json";
+            const ap = prop as ArrayProperty;
+            let colType = ap.columnType;
+            if (!colType && ap.of && !Array.isArray(ap.of)) {
+                const ofProp = ap.of as Property;
+                if (ofProp.type === "string") {
+                    colType = "text[]";
+                } else if (ofProp.type === "number") {
+                    colType = ofProp.validation?.integer ? "integer[]" : "numeric[]";
+                } else if (ofProp.type === "boolean") {
+                    colType = "boolean[]";
+                }
+            }
+
+            if (colType === "json") return "json";
+            if (colType === "jsonb") return "jsonb";
+            if (colType && colType.endsWith("[]")) return "ARRAY";
+            return "jsonb";
+        }
+        case "map": {
+            const mp = prop as MapProperty;
+            if (mp.columnType === "json") return "json";
             return "jsonb";
         }
         case "relation":
@@ -485,6 +503,29 @@ export async function checkCollectionsVsDatabase(
                     if (prop.type === "vector" && dbCol.udt_name !== "vector") {
                         isMismatch = true;
                     }
+                    if (prop.type === "array") {
+                        const ap = prop as ArrayProperty;
+                        let expectedColType = ap.columnType;
+                        if (!expectedColType && ap.of && !Array.isArray(ap.of)) {
+                            const ofProp = ap.of as Property;
+                            if (ofProp.type === "string") expectedColType = "text[]";
+                            else if (ofProp.type === "number") expectedColType = ofProp.validation?.integer ? "integer[]" : "numeric[]";
+                            else if (ofProp.type === "boolean") expectedColType = "boolean[]";
+                        }
+                        if (expectedColType && expectedColType.endsWith("[]")) {
+                            if (actualType !== "ARRAY") {
+                                isMismatch = true;
+                            } else {
+                                const expectedUdt = expectedColType === "text[]" ? "_text" :
+                                                    expectedColType === "integer[]" ? "_int4" :
+                                                    expectedColType === "boolean[]" ? "_bool" :
+                                                    expectedColType === "numeric[]" ? "_numeric" : "";
+                                if (expectedUdt && dbCol.udt_name !== expectedUdt) {
+                                    isMismatch = true;
+                                }
+                            }
+                        }
+                    }
                     if (isMismatch) {
                         issues.push({
                             severity: "warning",